---
# tasklist for setting up bodhi
# This is the base set of files needed for bodhi

- name: Create the bodhi configuration directory
  file:
    path: /etc/bodhi
    state: directory
    owner: root
    group: root

- name: Create the bodhi group
  group:
    name: bodhi
    system: yes

- name: Create the bodhi user
  user:
    name: bodhi
    group: bodhi
    comment: Bodhi Server
    shell: /sbin/nologin
    home: /usr/share/bodhi
    system: yes
    state: present

- name: Configure alembic
  template:
    src: alembic.ini
    dest: /etc/bodhi/alembic.ini
    owner: bodhi
    group: root
  tags:
  - config
  - bodhi

# Bodhi virtualhost in RabbitMQ

- name: Configure the bodhi virtual host
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_vhost:
    name: /bodhi
    state: present
  tags:
  - rabbitmq_cluster
  - config
  - bodhi

- name: Configure the HA policy for the bodhi queues
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_policy:
    name: HA
    apply_to: queues
    pattern: .*
    tags:
      ha-mode: all
      ha-sync-mode: automatic  # Auto sync queues to new cluster members
      ha-sync-batch-size: 10000  # Larger is faster, but must finish in 1 net_ticktime
    vhost: /bodhi
  tags:
  - rabbitmq_cluster
  - config
  - bodhi

- name: Grant the admin user access to the bodhi vhost
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_user:
    user: admin
    vhost: /bodhi
    configure_priv: .*
    read_priv: .*
    write_priv: .*
    tags: administrator
  tags:
  - rabbitmq_cluster
  - config
  - bodhi

- name: Grant the nagios-monitoring user access to the bodhi vhost
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_user:
    user: nagios-monitoring
    vhost: /bodhi
    configure_priv: "^$"
    read_priv: "^$"
    write_priv: "^$"
    tags: monitoring
  tags:
  - rabbitmq_cluster
  - config
  - bodhi

# Create a user for Celery
# - name: Create a user for Celery usage
#   run_once: true
#   delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
#   rabbitmq_user:
#     user: "bodhi-celery{{ env_suffix }}"
#     vhost: /bodhi
#     configure_priv: .*
#     write_priv: .*
#     read_priv: .*
#     state: present
#   tags:
#   - rabbitmq_cluster
#   - config
#   - bodhi

- name: Grant the bodhi user access to the bodhi vhost
  run_once: true
  delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
  rabbitmq_user:
    user: "bodhi{{ env_suffix }}"
    vhost: /bodhi
    configure_priv: .*
    read_priv: .*
    write_priv: .*
  tags:
  - rabbitmq_cluster
  - config
  - bodhi
